Bug 16236

Summary: Crash after refreshing a pdf (in poppler_page_render_to_pixbuf)
Product: poppler
Reporter: Eric Piel <e.a.b.piel>
Component: glib frontend
Assignee: poppler-bugs <poppler-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: medium
CC: nshmyrev
Version: unspecified
Hardware: All
OS: All

Description Eric Piel 2008-06-05 02:47:42 UTC
Transferring this bug from GNOME Bugzilla: http://bugzilla.gnome.org/show_bug.cgi?id=536518 (with updated info).

Steps to reproduce:
1. Open a pdf file
2. Move around the document (zoom in and out too)
5. Refresh the document
6. Goto 2
After a couple of repetitions, it crashes. I can quite easily reproduce this bug within 3 minutes.

Other information:
This happens on both 64-bit and 32-bit x86.

I think the crash sometimes happens even while reading other pdf documents, the
common point being that I've refreshed a PDF file.

I could reproduce this bug neither with PS (that's why it moved from evince to poppler bugzilla), nor in okular.

I think this did not happen a long time ago; I've been noticing this bug for about 6 months. This is reproducible with 0.8.3.

Stack trace:
On x86-32 I got this message:

evince: xcb_lock.c:77: _XGetXCBBuffer: Controletest '((int) ((xcb_req) -
(dpy->request)) >= 0)' faalt.
terminate called after throwing an instance of 'std::out_of_range'
  what():  vector::_M_range_check

[1]+  Segmentatiefout 

On x86-64, with a debug enabled evince, I get this backtrace:
#0  0x0000003352c10678 in FT_Done_Face () from /usr/lib64/libfreetype.so.6
#1  0x0000003c11e0c026 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#2  0x0000003c11e0f36d in cairo_font_face_destroy () from /usr/lib64/libcairo.so.2
#3  0x0000003c11e4d644 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#4  0x0000003c11e0f1d7 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#5  0x0000003c11e1b059 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#6  0x0000003c11e1b170 in cairo_scaled_font_destroy () from /usr/lib64/libcairo.so.2
#7  0x0000003c11e104a2 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#8  0x0000003c11e104f2 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#9  0x0000003c11e09dd9 in cairo_set_font_face () from /usr/lib64/libcairo.so.2
#10 0x0000003c1641d9b1 in CairoOutputDev::updateFont () from /usr/lib64/libpoppler-glib.so.3
#11 0x0000003c14cb92ad in Gfx::opShowSpaceText () from /usr/lib64/libpoppler.so.3
#12 0x0000003c14cb09fc in Gfx::go () from /usr/lib64/libpoppler.so.3
#13 0x0000003c14cb70e6 in Gfx::display () from /usr/lib64/libpoppler.so.3
#14 0x0000003c14cb74cc in Gfx::doForm1 () from /usr/lib64/libpoppler.so.3
#15 0x0000003c14cbbaca in Gfx::doForm () from /usr/lib64/libpoppler.so.3
#16 0x0000003c14cbe01c in Gfx::opXObject () from /usr/lib64/libpoppler.so.3
#17 0x0000003c14cb09fc in Gfx::go () from /usr/lib64/libpoppler.so.3
#18 0x0000003c14cb70e6 in Gfx::display () from /usr/lib64/libpoppler.so.3
#19 0x0000003c14cfc9c0 in Page::displaySlice () from /usr/lib64/libpoppler.so.3
#20 0x0000003c16415b45 in g_cclosure_marshal_VOID__ENUM () at gmarshal.c:334
#21 0x0000003c16416727 in poppler_page_render_to_pixbuf () from /usr/lib64/libpoppler-glib.so.3
#22 0x00007f925981efde in pdf_document_thumbnails_get_thumbnail (document_thumbnails=<value optimized out>, rc=0x2139e30, 
    border=1) at ev-poppler.cc:1263
#23 0x000000000041df3b in ev_job_thumbnail_run (job=0x17819c0) at ev-jobs.c:468
#24 0x000000000041c30b in handle_job (job=0x17819c0) at ev-job-queue.c:129
#25 0x000000000041c8fa in ev_render_thread (data=<value optimized out>) at ev-job-queue.c:264
#26 0x000000335345ad54 in g_thread_create_proxy (data=0x1486b90) at gthread.c:635
#27 0x000000334fc072a3 in start_thread () from /lib64/libpthread.so.0
#28 0x000000334f0dce9d in clone () from /lib64/libc.so.6

Comment 1 Michael Vrable 2008-06-26 08:04:29 UTC
I think that this bug is fixed in the current git version of poppler (commit 5498d93e59a0b79e5add3dc6181d5e98ba689217, or 9134b3200fa3573c6940f4b321a71317dfc00e79 in the poppler-0.8 branch).  At the very least, I encountered a very similar bug, and the fix for that was just committed.

If you get the chance, can you check to see if that fixes the problem you were seeing?

Comment 2 Eric Piel 2008-08-01 14:08:22 UTC
Sorry for taking a long time, but I wanted to make sure it doesn't crash anymore. Thanks for fixing this bug.
